WRT330N firewall blocks AXIS 206W webcam traffic

I upgraded my Linksys WRT54GS to the WRT330N and so far, so good. The WRT330N is really a significant improvement.
However, I can't get my AXIS 206W webcam to work. The webcam is registered on the Axis website and creates its own IP address. So when I try to access the webcam over the internet, I see in my router's logfile that it blocks the request for that particular IP address. Disabling my router's firewall solves the issue, but that is obviously not desirable. I never had this problem with my previous Linksys router's firewall.
Any thoughts?

Sorry for the delay, here it is:
Product and software version: AXIS 206W Network Camera version 4.40
External IP address: 68.193.237.187
It seems that if I disable Filter Internet NAT Redirection the camera works. Is that a security concern?
Message Edited by exm on 09-15-2007 03:10 PM

Similar Messages

  • Why does my Cisco router firewall block Windows Server 2012 traffic, but not Windows Server 2008 traffic?

    Hello,
       I run a small business network with five physical servers: three Dell servers running Windows Server 2008 R2, one custom build running 2008, and another custom build running 2012 with Domain Controller Role (same hardware for both custom builds). 
    The Dell servers are all running the Hyper-V role and each has a number of 2008 VMs.  I also have a 2012 VM with the Domain Controller Role on one of the Hyper-V servers and another VM with a completely base install of 2012.
       All servers are plugged into a Cisco SG300-52 switch which is uplinked to a Cisco 881 router which is connected to a cable TWC provided Ubee cable modem.  I have no VLANs setup.  I do have the Firewall on the router configured
    to inspect most traffic.
       Here is my problem:  I cannot connect to most of the internet on ANY 2012 server (and all exhibit the exact same behavior), but I have NO problems connecting to the internet from 2008 servers.  Here is what I already know:
       1.) I can ping the outside world just fine so ICMP is passing to any external host.
       2.) Two of the 2012 servers are DCs running DNS services and they can connect to the internet just fine for DNS requests because they are doing a perfectly good job of providing DNS services to my network.
       3.) Here's where it gets really weird: I can browse in internet explorer to Bing.com and it works.  I can also go to a couple other Microsoft websites (though they are very slow).  If I click on any link in Bing, however, it doesn't
    work and gives me a page not available error.  If I connect to a non-MS website like Google or my company website, I get page not available.
        4.) I have tried to telnet to port 80 at Bing and it works.  I have tried to telnet to port 80 at google.com and it won't connect.  The 2008 servers have no issue telneting to either bing or google on port 80 and none of my client
    PCs on the network do either.
        5.) Windows Update will not connect and neither will any other update service such as AVG (I have AVG Antivirus installed WITHOUT firewall on two of the three servers. The base 2012 VM has no software installed and no roles...I built it
    just to see if it could connect after a fresh install and it still cannot.)
        6.) The network connection does not indicate limited connectivity (probably because ICMP appears to be passing successfully)
         7.) If I connect the server directly to the modem it has full internet access.
         8.) All internal LAN connectivity is perfectly fine and runs at full speed.
         9.) I have scoured the internet trying to find other examples of this particular kind of connectivity issue on 2012 and I have found two TechNet articles that are similar, but they both had the same resolution: changing the router
    worked, but no one knows why. (I would have included the links, but apparently I cannot do that yet)
    My question is this: What is different about Windows Server 2012 networking that would render it unable to communicate through a router that Windows Server 2008 has no problems with?  I ask because, unlike in these two articles where they were
    running personal networking equipment they could easily upgrade, I'm running a Cisco 881 with what should be virtually limitless configuration options and I have no desire to replace it.  I have to assume the issue is somehow related to the firewall configuration,
    which I could fix easily, but I don't know what to change.  If anyone knows what changed in 2012 and why I would be able to browse to Bing and other MS sites but nowhere else, please pass them along.  Thanks.

    This is the IP Config for the 2012 DC:
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : COMPANYDC02
       Primary Dns Suffix  . . . . . . . : company.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.local
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
       Physical Address. . . . . . . . . : 00-25-90-DC-EF-D5
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::81d5:53cf:bd07:14ed%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.202(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DHCPv6 IAID . . . . . . . . . . . : 301999504
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-96-D5-C3-00-25-90-DC-EF-D5
       DNS Servers . . . . . . . . . . . : 10.10.10.202
                                           10.10.10.221
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{9929D989-8E88-4096-A1CB-61F1DB173FA3}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    This is the IP Config for the fresh install 2012 VM:
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WIN-800299O7ES6
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.local
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . : company.local
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-0A-5C-02
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.10.10.49(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Saturday, August 23, 2014 10:23:01 PM
       Lease Expires . . . . . . . . . . : Wednesday, August 27, 2014 10:23:01 PM
       Default Gateway . . . . . . . . . : 10.10.10.1
       DHCP Server . . . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 10.10.10.220
                                           10.10.10.221
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.company.local:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : company.local
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    NOTE: 10.10.10.220 and 10.10.10.221 are the other domain controllers on my network.  One of them is 2012 and one of them is 2008.  They are both functioning correctly for providing DNS services.  The 2012 Virtual DC, however, still has
    the internet connectivity issue that this whole post was about in the first place.
    NOTE2: When I logged on to COMPANYDC02 this morning, it told me that I had new Windows Updates that needed to be downloaded.   Confused, I checked the most recent time WU had checked for updates and it had successfully checked for updates last night
    at 10pm.  Of course, it failed when trying to download them, but it appears that once in a while, a connection gets through successfully...

  • Firewall blocks Airplay (even under 'allow all traffic')

    Hi everybody,
    I am somewhat at the end of my knowledge. I have a Mac mini server running Lion 10.7.2 server. Interestingly, my server's firewall blocks
    a) all airplay traffic and
    b) 'reading Airport configuration' requests
    even when the firewall is set to 'allow all traffic'. However, when I completely switch it off, everything works just fine.
    Any help would really be appreciated.
    Thanks a lot.
    Nonresidentalien
    P.S. I have also tried to open ports 80 (t), 443(t), 554 (t/u), 3689(t), 5297(t), 5289(t/u), 5353(u), 49159(u) and 49163(u) with no success

    Pointing to the IPv6 thread was a good idea. After reading it, I found out that the firewall preferences in Server Admin only show you IPv4 related firewall rules.
    There is a terminal command that allows you to play with IPv6 rules. And by doing so, I was actually able to get AirPlay working again.
    First, you want to show the current IPv6 firewall rules. In my case they looked like this (10.7.2):
    reptilehouse:~ sascha$ sudo ip6fw show
    01000        285      96163 allow ipv6 from any to any via lo0
    01100         66       5750 allow ipv6 from any to ff02::/16
    65000          0          0 deny ipv6 from any to any
    65535          6        306 allow ipv6 from any to any
    As you can see, rule number 01100 only allows traffic to the local subnet, while the next rule (65000) blocks anything else. So you want to get rid of 65000:
    reptilehouse:~ sascha$ sudo ip6fw delete 65000
    To confirm, show the rule table again and you should see 65000 is gone:
    reptilehouse:~ sascha$ sudo ip6fw show
    01000        285      96163 allow ipv6 from any to any via lo0
    01100         66       5750 allow ipv6 from any to ff02::/16
    65535          6        306 allow ipv6 from any to any
    Mind you, the rule numbers could be different on your system and you could see more or less rules. But you get the idea.
    What I don't know is whether this is sticky, i.e. survives a reboot.
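The rule listing quoted in the reply above can be replayed through a first-match evaluator to see which rule decides a packet before and after rule 65000 is deleted. This is an added example, not code from the original posts; the matcher is simplified to the `from SRC to DST [via IFACE]` forms that appear in that listing, and the sample packets (addresses, interface `en0`) are constructed.

```python
import ipaddress

# `sudo ip6fw show` output as quoted in the post (rule, packets, bytes, body).
RULES_BEFORE = """\
01000        285      96163 allow ipv6 from any to any via lo0
01100         66       5750 allow ipv6 from any to ff02::/16
65000          0          0 deny ipv6 from any to any
65535          6        306 allow ipv6 from any to any
"""

def parse_rules(listing):
    """Parse lines shaped: NUM PKTS BYTES ACTION ipv6 from SRC to DST [via IFACE]."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or f[4:6] != ["ipv6", "from"] or f[7] != "to":
            continue  # not a rule form this simplified parser understands
        rules.append({
            "number": int(f[0]),
            "action": f[3],
            "src": f[6],
            "dst": f[8],
            "via": f[10] if len(f) > 10 and f[9] == "via" else None,
        })
    return sorted(rules, key=lambda r: r["number"])

def addr_matches(spec, addr):
    """'any' matches everything; otherwise spec is an address or prefix."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def decide(rules, src, dst, iface):
    """Return (rule number, action) of the first rule that matches the packet."""
    for r in rules:
        if r["via"] is not None and r["via"] != iface:
            continue
        if addr_matches(r["src"], src) and addr_matches(r["dst"], dst):
            return r["number"], r["action"]
    return None

def delete_rule(rules, number):
    """Equivalent of `ip6fw delete NUMBER` on the parsed table."""
    return [r for r in rules if r["number"] != number]

# Constructed sample packets: (source, destination, interface).
PACKETS = [
    ("::1", "::1", "lo0"),                   # loopback
    ("fe80::1c", "ff02::fb", "en0"),         # link-local multicast
    ("fe80::1c", "fe80::2a", "en0"),         # link-local unicast
    ("2001:db8::5", "2001:db8::10", "en0"),  # routed unicast (documentation prefix)
]

def compare(listing=RULES_BEFORE, deleted=65000):
    """For each sample packet, the deciding rule before and after the deletion."""
    before = parse_rules(listing)
    after = delete_rule(before, deleted)
    return [(dst, decide(before, s, dst, i), decide(after, s, dst, i))
            for s, dst, i in PACKETS]

if __name__ == "__main__":
    for dst, b, a in compare():
        print(f"{dst:>14}  before={b}  after={a}")
```

With 65000 gone, every packet that is not loopback or `ff02::/16` multicast is decided by 65535, so the table no longer denies any IPv6 traffic.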

  • Firewall blocking access to Hyper-V Virtual Machine. Please help!

    Hi there, I hope this is the right spot for this. Allow me to explain the setup we have. We have a server with Hyper-V installed and a VC made for a DC  for a small domain we have.  I was able to remote into the new DC, and our exchange server
    was picking it up as a DC. So far so good.....
    Now, here's where we seem to have a problem. We installed 'Symantec Endpoint Protection'. As we have this on a few servers, we had a set of settings for servers. (I didn't set this part up.) Now, the problem we are having is that it seems the endpoint protection
     on the Hyper-V Host is blocking connections from Exchange/other computers (access shared folders and logging in). What can I do to resolve this?  Connections seem to be fine (Exchange will pick up the DC, and I can access shared
    folders) when I disable the firewall and network threat protection on the Hyper-V Host.  
    Our Exchange server is 2010
    We are using Server 08 R2
    Can someone please advise me on how I can get this resolved, so I don't have to leave the server with Hyper not behind a firewall or network threat protection. 

    Hi,
    I am Chetan Savade from Symantec Technical Support Team.
    There was a known issue between SEP and Hyper-V traffic. It's been resolved in the latest release of SEP. If you are not using the latest version, upgrading to the latest version can be a possible solution.
    SEP 12.1 RU4 MP1a (12.1.4104.4130) is the latest version. 
    HyperV traffic was blocked with Symantec Endpoint Protection Firewall enabled
    Fix ID: 3181006
    Symptom: The Symantec Endpoint Protection firewall blocks HyperV traffic.
    Solution: Modified the loopback packet processing in the Teefer driver.
    Reference: http://www.symantec.com/docs/TECH216262 
    Best Regards,
    CHETAN

  • 10.6 Server's Firewall Blocks Its Own Internet Connection

    I had this problem about two years ago when I was trying to run 10.6 on my home server (Mac mini) for the first time. Eventually I gave up, reverted the mini back to 10.5, and ran problem-free for years. When 10.7 came out, I tried to upgrade the mini to that. That didn't go well either, but mostly due to Lion missing many many features (surprise!). So I figured that 10.6's problems were fixed by now, and gave it another shot. It went fine and I've been running for about a month problem free (or so I thought). But now it's offline again. I finally found one other person on another forum that had the EXACT same problem as me. And reading this description, I realize that I have been having problems all along, I just assumed they were my ISP's problems, not my own.
    So here's what happens. The firewall in 10.6 server will "freak out". It will be running normally, then suddenly it will go haywire and block everything. And I mean everything. My computer won't even be able to get an IP via DHCP. Everything is blocked. But as soon as you stop the firewall, everything works normally. You can even modify the firewall rules, and set it up so there are NO deny rules, and EVERY connection to and from every host is set to allow. And the firewall still blocks everything. This is the same exact thing that happened 2 years ago when I first tried to run 10.6 Server on my mini. The difference is that back then, this would happen either immediately, or within a day. This time around, with 10.6.8, it took about a month before suddenly, without any provocation, all internet connections stopped.
    I've had this happen on multiple computers. I don't do anything special, I just set up a basic firewall scheme where everything in the LAN range is allowed, and everything from "any" is allowed only to service ports I'm running. The basic gateway setup. Now I was running 10.6 Server on my laptop (for netbooting) and it would do the same thing. But because my laptop wasn't acting as a gateway, I could just turn the firewall off (you need the firewall for NAT). My mini server IS acting as a gateway, as was another mini I set up for a client of mine (that eventually I changed over so they were running off an airport, and the mini server was just a client. But I don't want that setup at home, I want my mini to be the router).
    I have Verizon Fios internet. 25/25, it's great. The ONT is in my basement, and it's plugged into the same fused outlet as our freezer. From time to time, when the power goes out, it trips that breaker and the outlet goes dead. My internet is gone and I have to go reset the outlet. Once I do, my mini won't get an IP from Verizon until I reboot the mini. Not once. Not twice. Usually 5-10 reboots, and suddenly it will get an IP. I always assumed this was a Verizon problem. Until I read someone else's post about this same problem. Turns out, that's the firewall blocking DHCP again! If you turn the firewall off, you don't have to keep rebooting, it will grab an IP right away.
    At least I'm not crazy! So what is going on here? Does anyone have any idea what is going on with my firewall, or how I can fix it?
    Lastly, after 4.5 hours of complete inability to get an internet connection with the firewall on, it just started working again. I now have fully functional, normal internet. I find it hard to believe 10.6 has a firewall that is simply broken. I find it even harder to believe I'm imagining things, or that I've had fluke after fluke. Something is going on with 10.6 Server.

    The DNS scapegoat just doesn't make sense.
    Why would "improper" DNS cause OS X's firewall to block all network connections? Even the server's ability to make its own DHCP connection?
    As far as a router, I don't want to use a cheap unreliable residential router. I have a home file server that, aside from running 10.6, makes a super reliable router. And port mapping aside, OS X Server's DHCP server is great to use. Rock solid. It makes no sense to run a cheap residential router when I have a home server. Then every 6-18 months, I get to deal with that router slowly failing, as my internet connection gets slower and slower. No thanks.
    So back to this firewall issue. I've talked to Apple about this before, and they give the same generic "DNS has to be right" answer to basically every problem I've ever had with 10.6 Server (hinting at endless CalDAV problems). But no one has ever explained what that specifically means, or how something like wrong DNS (whatever that even means) can cause the firewall to block everything. This just makes no sense to me. And this especially does not explain why, after 10 reboots or so, everything just magically starts running normally.
    I just had an incident today where I woke up to no internet. I rebooted 3 times. Each time, I either got a self-assigned IP address, or the ethernet interface would toggle between "unplugged" and "no-ip". I could turn the firewall off and the server would INSTANTLY start functioning normally. I'd happily run without a firewall, and just turn all services I'm not using off. However NAT needs the firewall, so without the firewall, the Server is the only Mac on the network that has an internet connection. So I kept rebooting and rebooting, and I think about 8 reboots later, like magic, the server came up, grabbed an IP, and everything started working normally.
    Also my IP through my ISP is dynamic, and that isn't going to change. So yes, I am trying to use OS X Server as my router on a dynamic internet connection. I've been doing this since the days of Mac OS X Server 10.1. Only 10.6 has had any problems at all.
    So really, "10.6 is more picky about DNS" isn't an answer to this problem. Or, at least, it's not a sufficient answer. I need much more information than that.

  • Firewall blocks web sharing

    2 computers, laptop with Snow Leopard, large web site in ~/Sites/htdocs, with .shtml files and an SSI file to add text common to all .shtml files. I'd like to see this on the desktop computer as it appears to others, but Firewall blocks web sharing on laptop. How do I fix Firewall?

    System Preferences>Sharing.  Is File Sharing selected? 

  • OS X firewall blocks iTMS

    I've spent about two hours trying to figure out why OS X personal firewall blocks the Music Store, with no luck. Unless the firewall is turned off, the other computers (all Macs) on the network cannot log in. The symptom is the "Accessing the store" and eventually timing out.
    There are a lot of Windows-specific posts about firewall problems, but none that I could find about the Mac firewall.

    I have an additional Ethernet card in my Mac, and share the Internet access via that card. The built in port is connected to a cable modem.
    The Ethernet out (from the second card) goes to a sixteen port GigE switch, which lights up various ports around the house.
    I don't use any wireless in the house.
    Andrew

  • Firewall blocking video chat connection

    I tried to video chat with my wife today from work on my PlayBook. Got a message about a firewall blocking it when it tried to connect us. It gave no further info so it's kind of hard for me to figure out whether this is my work wifi or my own router at home causing this.
    Where can I find more info on this?
    Staff UI Prototyper (read: full-time hacker)
    My BB10 apps: Screamager | Scientific RPN Calculator | The Last Weather App

    Hello TheMarco,
    Do you know if port forwarding has been enabled for the firewall settings?
    -HMthePirate

  • Firewall blocks DHCP after Logic Board Change

    I had my computer in repair and they changed the logic board. Since then "Set access to specific services" setting misbehaves and blocks DHCP configuration.
    After the repair it asked me to allow incoming connections for configd. I denied because I did not know it.
    Problem: configd is not listed in Preferences so it cannot be unblocked!!!
    How can I completely reset the rules table and start over?
    Firewall[41]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
    Firewall[41]: Deny mDNSResponder data in from 169.254.203.40:5353 uid = 0 proto=17

    I give up. This is a horrible issue. Now, the Firewall blocks internet access to configd and mDNSResponder after wakeup from suspend despite being on the "Allow all incoming" list of the System Preferences panel.
    The firewall has become useless.
    Jul 17 14:22:13 garfield2 Firewall[42]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
    Jul 17 14:22:15 garfield2 Firewall[42]: Deny configd data in from 10.211.55.1:67 uid = 0 proto=17
    Jul 17 14:22:22 garfield2 Firewall[42]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
    Jul 17 14:22:24 garfield2 Firewall[42]: Deny configd data in from 10.211.55.1:67 uid = 0 proto=17
    Jul 17 14:22:30 garfield2 Firewall[42]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
    Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21b:63ff:fe9b:37d4:5353 uid = 0 proto=17
    Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21c:42ff:fe00:0:5353 uid = 0 proto=17
    Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21c:42ff:fe00:1:5353 uid = 0 proto=17
    Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21b:63ff:fe9b:37d4:5353 uid = 0 proto=17
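A triage helper for deny lines in the format quoted above, as an added example that is not part of the original posts. It splits the `address:port` source (for IPv6 the port is whatever follows the last colon), labels UDP 67 as DHCP server replies and UDP 5353 as mDNS, and counts denials per process and service. The sample lines are a subset copied from the posts; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Subset of the log lines quoted in the posts above.
SAMPLE_LOG = """\
Firewall[41]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
Jul 17 14:22:13 garfield2 Firewall[42]: Deny configd data in from 10.37.129.1:67 uid = 0 proto=17
Jul 17 14:22:15 garfield2 Firewall[42]: Deny configd data in from 10.211.55.1:67 uid = 0 proto=17
Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21b:63ff:fe9b:37d4:5353 uid = 0 proto=17
Jul 20 09:18:58 garfield2 Firewall[42]: Deny mDNSResponder data in from fe80::21c:42ff:fe00:0:5353 uid = 0 proto=17
"""

DENY_RE = re.compile(
    r"Firewall\[\d+\]: Deny (?P<proc>\S+) data in from (?P<src>\S+) "
    r"uid = (?P<uid>\d+) proto=(?P<proto>\d+)"
)

# (IP protocol number, source port) -> service label. Protocol 17 is UDP.
SERVICES = {(17, 67): "DHCP server reply", (17, 5353): "mDNS"}

def split_endpoint(endpoint):
    """Split 'addr:port'. The port is the text after the LAST colon, which
    also handles IPv6 sources such as fe80::21b:63ff:fe9b:37d4:5353."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def parse_denies(text):
    """Return one dict per well-formed deny line; skip anything else."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            addr, port = split_endpoint(m["src"])
        except ValueError:
            continue  # source field is not address:port
        proto = int(m["proto"])
        events.append({
            "proc": m["proc"],
            "addr": addr,
            "port": port,
            "proto": proto,
            "uid": int(m["uid"]),
            "service": SERVICES.get((proto, port), f"proto {proto} port {port}"),
        })
    return events

def summarize(events):
    """Count denials per (process, service)."""
    return Counter((e["proc"], e["service"]) for e in events)

def sources(events, proc):
    """Distinct source addresses denied for one process, sorted as text."""
    return sorted({str(e["addr"]) for e in events if e["proc"] == proc})

if __name__ == "__main__":
    evs = parse_denies(SAMPLE_LOG)
    for (proc, service), n in summarize(evs).items():
        print(f"{n:3d}  {proc:<14} {service:<18} from {', '.join(sources(evs, proc))}")
```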

  • Firewall blocks afp even though enabled!?

    This relates to a G5 running 10.4.11 and a mac pro running 10.5.5
    We are having a nightmare with file sharing between two machines. We can connect fine from the Mac Pro to the G5 via an Ethernet router. We can't however connect from the G5 - we can however connect to the internet and pinging the Mac Pro works. We have tried connecting with the Bonjour address and the IP address - no results. The personal file sharing tabs in System Preferences on both machines are ticked. The firewall is set to allow essential services, and below are listed printer sharing, file sharing etc. However I opened the log and saw that a few afp connections had just been denied - turn the firewall off and we can connect to the Mac Pro. Surely we should be able to connect on a local area network without the firewall blocking it? It also denies cupsd (we have a printer networked to the G5) but also less frequently nmbd, which seems weird as to my limited knowledge this is to do with Windows file sharing - and we do not have a Windows machine on the network.
    Weirdly I enabled the firewalls on both machines fairly recently after noticing they were off - however my client (i am a retoucher) has confirmed that filesharing was always like this - even when firewall off which I seem to recollect as correct. In theory if we have a router with firewall enabled do we need the firewall on on the macs?
    Please help I have reached the limit of my knowledge on this one! Many thanks

    On the MacPro > System Preferences > Sharing > File Sharing, is the list of shared folders what you expect and for each shared folder, are the authorized users and permissions set up as you would expect? Clicking on the options button underneath that panel, is AFP checked, and if desired or necessary, SMB and/or FTP?
    In theory, I would say yes, if you have full faith in the personal integrity of all the local users on the LAN, and you believe them to be cautious enough that they won't have inadvertently downloaded and installed some sort of malware onto their machines, and you believe that your LAN is adequately secured (e.g., using WPA2 for the WLAN), then it is true, you should only need to maintain the firewall at the internet-facing router.

  • Firewall blocking access to app store

    Anyone know how to circumvent a firewall blocking app store access (same for iTunes) - I can confirm access when on a different network.

    Found http://support.apple.com/kb/TS1629 which gives port number etc. for iTunes - which I assume is the same for app store

  • Cisco RV042 Firewall Blocking LAN Traffic

    Hello Everyone,
    I currently have an RV042G with a downstream SG-300 connected to one of the LAN interfaces.  Connected to the SG-300 are a couple servers running ESXi.  Inter-VLAN routing is working fine on the current setup; however, I am only able to connect to my ESXi hosts on a separate VLAN for approximately a minute before the connection is dropped.  I have concluded that the firewall seems to be the culprit in blocking my traffic.  If I turn the firewall off, everything acts as expected.  There is a default "ANY/ANY" rule for LAN traffic enabled and I have added a couple extras allowing all traffic for IP ranges, but I still seem to be losing my connections.  To make matters more confusing, I can see ACCESS_RULE events in the firewall logs permitting the traffic (or so I'm interpreting).
    Regardless, here's how my rules currently stand below.  I put another ANY/ANY rule in because the default didn't seem to be working -- I immediately was able to ping other hosts on different VLANs after adding the rule.  I was under the assumption allowing all traffic from any source to any destination would make the LAN pretty accessible.  I would appreciate any guidance or resources on this topic to set up some quick firewall rules to get things up and running.  Thanks in advance.
    Priority | Enable | Action | Service         | Source Interface | Source                    | Destination               | Time   | Day | Delete
    123      |        | Allow  | All Traffic [1] | LAN              | 10.10.21.1 ~ 10.10.21.31  | 10.10.10.10 ~ 10.10.10.10 | Always |     |
    123      |        | Allow  | All Traffic [1] | LAN              | 10.10.10.10 ~ 10.10.10.10 | 10.10.21.1 ~ 10.10.21.31  | Always |     |
    123      |        | Allow  | All Traffic [1] | LAN              | Any                       | Any                       | Always |     |
             |        | Allow  | All Traffic [1] | LAN              | Any                       | Any                       | Always |     |
             |        | Deny   | All Traffic [1] | WAN1             | Any                       | Any                       | Always |     |
             |        | Deny   | All Traffic [1] | WAN2             | Any                       | Any                       | Always |     |

    I guess I should clarify, the SG-300 is running in Layer 3 mode, and the VLANs are defined on it; however, the static routes are defined on the RV042.  Maybe there's a more efficient way of doing this? 
    Below is a scrubbed copy of my switch configuration. 
    config-file-header
    SWITCH01
    v1.3.5.58 / R750_NIK_1_35_647_358
    CLI v1.0
    set system mode router
    vlan database
    vlan 2
    exit
    no bonjour enable
    hostname SWITCH01
    no logging console
    ip ssh server
    ip ssh password-auth
    clock timezone CEST +1
    interface vlan 1
    ip address 10.10.10.2 255.255.255.0
    no ip address dhcp
    interface vlan 2
    name VIRTUAL-MANAGEMENT
    ip address 10.10.21.1 255.255.255.224
    interface gigabitethernet1
    description ESXI01:VMNIC0:MGMT
    switchport trunk allowed vlan add 2
    interface gigabitethernet20
    description UPLINK
    exit
    ip route 0.0.0.0 /0 10.10.10.1 metric 15
    The routes I have defined are:
    Destination IP | Subnet Mask     | Default Gateway | Hop Count | Interface
    10.10.21.0     | 255.255.255.224 | 10.10.10.2      | 1         | eth0
    10.10.10.0     | 255.255.255.0   |                 | 0         | eth0
                   | 255.255.252.0   |                 | 0         | eth1
    239.0.0.0      | 255.0.0.0       |                 | 0         | eth0
    default        | 0.0.0.0         |                 | 40        | eth1
    Just to reiterate the problem, I am able to connect to hosts on VLAN 2 from my computer on VLAN 1, but I am disconnected a minute or so later.  When the firewall is disabled, I have no issues with connecting to the host across VLANs and maintaining that connection.  Maybe I have a misconfiguration somewhere that is causing some issues?  I appreciate the help. 

  • Firewall blocks Apple's Network Time Protocol

    Hi,
    I admit to not fully understanding everything about the Firewall on OS X server 10.4.11 and I'm hoping someone can help with a little(?) problem.
    On the WAN side, my "gateway" server is connected directly to my SpeedTouch 780 modem with a fixed IP address. On the LAN side are a couple of switches and then an Airport Extreme base station (192.168.2.249). This broadcasts wirelessly to a more distant Airport Express (192.168.2.247). Both WiFi devices are configured to obtain the time from Apple's European servers.
    After completing a Carbon Copy Cloner of my OS partition and rebooting on my usual volume I noticed the following denials in my Firewall log:
    Dec 28 12:50:16 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.249:3987 in via en0
    Dec 28 12:40:25 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.247:3814 in via en0
    In SA --> Firewall --> Settings --> Services --> Edit Services for: 192.168.1-net (en0/modem connection)
    I have the "Allow only traffic for: 192.168.1-net on these ports" checked and
    NTP - Network Time Protocol UDP/TCP is also checked.
    Under, Edit Services for: any
    I have the "Allow only traffic for: any" checked and
    NTP - Network Time Protocol UDP/TCP is also checked.
    Under, Edit Services for: 192.168.2-net (en1/LAN)
    I have the "Allow all traffic for: 192.168.2-net" checked.
    1) Why is this traffic being blocked?
    2) Why does the port number seem to get changed in transit? (I've got NAT running and Open Directory).
    3) Does the configuration under, "Allow only traffic for: any" overrule all other Firewall settings? So if for example a port under, "Allow only traffic for: 192.168.1-net on these ports" wasn't checked but was under, "Allow only traffic for: any", would the traffic be allowed through?
    Thanks and happy new year!
    Michael Franks

    Do you have NTP activated? Does it work? If it doesn't and you have the firewall activated, then open the required port. If it is working then don't worry about it.

  • Win7 firewall blocking radius requests

    I have installed an open source radius server on my Windows 7 machine & I want to know why Windows 7 is blocking Radius server requests inbound? A device on my LAN sends an authorization request on UDP port 1645 towards the radius server. To confirm
    this, I put a packet sniffer just before the radius server to check the requests are coming inbound & I checked the port, so I'm certain it's coming in on 1645 (the actual request comes from a switch and the source and destination ports were the same in
    the capture). I therefore created an inbound rule to allow this through the Windows firewall but it doesn't appear to work. When the firewall is disabled, the authentication request is successful.
    I can't actually attach a picture, so I will just explain the rule as best I can:
    Accept inbound UDP port 1645 to any port. All profiles (domain, private, public), all programs, and all IP addresses
    I'd like to know if there is a way I can see a live feed of denied packets inbound so I can spot what is actually causing the problem 

    Look for a blocking rule. Windows Firewall might have created a blocking rule or there might be a different blocking rule causing the problem.
    Also turn on logging of dropped packets in the windows firewall so that you can see if it is the one dropping the traffic.

  • Windows server firewall blocking active directory authentication?

    I'm having problems with authenticating macs on our windows 2003 server domain. When windows firewall is activated, mac clients(10.4) can no longer login. I've tried opening a number of ports e.g.TCP/UDP 53. UDP 464. but no luck. Any ideas which ports are necessary for the AD plugin to work properly?
    Thanks.
    macpro   Mac OS X (10.4.8)   1gb ram

    Why are you enabling Windows firewall on a domain controller?
    My recommendation is to turn it off and protect your entire site with a hardware firewall. The ports you need to open up are the very ones you should be blocking from the world to prevent attacks.
    Short of that:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&displaylang=en
    User Login and Authentication
    A user network logon across a firewall uses the following:
    • Microsoft-DS traffic (445/tcp, 445/udp)
    • Kerberos authentication protocol (88/tcp, 88/udp)
    • Lightweight Directory Access Protocol (LDAP) ping (389/udp)
    • Domain Name System (DNS) (53/tcp, 53/udp)
    Computer Login and Authentication
    A computer logon to a domain controller uses the following:
    • Microsoft-DS traffic (445/tcp, 445/udp)
    • Kerberos authentication protocol (88/tcp, 88/udp)
    • LDAP ping (389/udp)
    • DNS (53/tcp, 53/udp)
    Access File Resource
    File access uses SMB over IP (445/tcp, 445/udp).
    Perform a DNS Lookup
    To perform a DNS lookup across a firewall ports 53/tcp and 53/udp must be open. DNS is used for name resolution and supports other services such as the domain controller locator
    ...
